How to configure IIS to handle slash in url ?

Bernard 1 Reputation point
2021-06-10T17:10:35.037+00:00

Hello guys,

i have been through this problem the entire day, but i'm not able to resolve it.
I'm trying to get data calling a web service using this curl command :
curl -X GET "https://<XXXXXXXXXXXXXXXXXXXXX>/products/A31328X19883360161%252f2" -H "accept: application/json" -H "Authorization: Basic XXXXXXXXXXXXXXXXXXXXX" -H "X-API-Key: XXXXXXXXXXXXXXXXXXXXX"
But I got 400 error code as bad request response code.

When i try without any special character in another product ID, it totally works and I got a result as expected. I guess due to encoded slash is not working.

I'm running under this configuration in Microsoft Azure :
SERVER_SOFTWARE=Microsoft-IIS/10.0
OS version: Microsoft Windows NT 10.0.14393.0
64 bit system: True

Here is my config file :

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.web>
    <httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters=""/>           
  </system.web>
  <system.webServer>
    <rewrite>
      <rules>
        <clear/>
        <rule name="Permanent HTTP to HTTPS Redirect" stopProcessing="true">
          <match url=".*"/>
          <conditions logicalGrouping="MatchAll">
            <add input="{HTTPS}" pattern="off" ignoreCase="true"/>
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="true"/>
        </rule>
      </rules>
    </rewrite>
    <handlers>
        <add name="httpPlatformHandler" path="*" verb="*" modules="httpPlatformHandler" resourceType="Unspecified" />
    </handlers>

    <httpPlatform processPath="%JAVA_HOME%\bin\java.exe"
                  startupTimeLimit="300" startupRetryCount="3"
                  arguments="-Djava.net.preferIPv4Stack=true -jar &quot;%HOME%\site\wwwroot\XXXXX.war&quot; --server.port=%HTTP_PLATFORM_PORT% --spring.profiles.active=dev">
        <environmentVariables>
            <environmentVariable name="JAVA_OPTS" value="-Dserver.port=%HTTP_PLATFORM_PORT%"/>
        </environmentVariables>
    </httpPlatform>
    <security>
      <requestFiltering removeServerHeader="true" allowDoubleEscaping="true" allowHighBitCharacters="true"/>
    </security>
    <httpProtocol>
      <customHeaders>
        <remove name="X-Powered-By"/>
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>

To authorize my encoded value, I have added :
<system.web>
<httpRuntime requestValidationMode="2.0" requestPathInvalidCharacters=""/>
</system.web>
And also : allowDoubleEscaping="true" allowHighBitCharacters="true" in <requestFiltering>.

I have read a lot of information about it, but i'm still not able to have a result.

Have you any idea to resolve this issue ?

Internet Information Services
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.